sentencepiece
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill provides instructions to run `sudo make install` in the C++ quick start section. This command acquires root permissions, which is flagged as high risk (Category 5).
- [External Downloads] (INFO): The documentation suggests cloning the source from https://github.com/google/sentencepiece.git. This download is from a trusted organization ('google'), qualifying the reference for a severity downgrade to INFO.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted text data for tokenization (Category 8). Ingestion occurs in `sp.encode` and `SentencePieceTrainer.train`. As the output is limited to subword units and the skill lacks execution or exfiltration capabilities, the risk of instruction execution via data is low.
Recommendations
- AI detected serious security threats
Audit Metadata